Understanding Sealer: Core Concepts, Module Breakdown, and Architecture
This article introduces Sealer’s overall architecture, explains its core concepts such as CloudImage, Kubefile, and Clusterfile, details the purpose of each module within the project, and compares its workflow to Docker for building and running Kubernetes cluster images.
Introduction
In the previous session we briefly explored Sealer; now we dive into its overall architecture and how it works, inviting readers to hop on board.
Core Concepts
Sealer introduces three main concepts: CloudImage, Kubefile, and Clusterfile.
CloudImage: Similar to a Docker image, but its rootfs is a Kubernetes cluster, and it contains all dependencies required by your application (e.g., Docker images, YAML files, Helm charts, etc.).
Kubefile: Describes how to build a CloudImage.
Clusterfile: Defines the configuration for running a cluster image.
Just as Docker uses a Dockerfile to build an image and Docker Compose to run containers, Sealer uses a Kubefile to build a CloudImage and a Clusterfile to launch the entire Kubernetes cluster.
Where a Docker image packages a single container, a Sealer CloudImage packages an entire Kubernetes cluster, which makes delivering distributed software much easier.
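To make the Kubefile concept concrete, here is an added example (not Sealer's own parser and not code from the original article): a minimal Go parser for a Dockerfile-style Kubefile that rejects unknown instructions before anything is built. The instruction set FROM/COPY/RUN/CMD, the image name, and the manifest file name are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Instruction is one parsed Kubefile line, e.g. {COPY, "recommended.yaml ."}.
type Instruction struct{ Op, Args string }

// Assumed instruction set (taken from Sealer's docs, not from this article).
var allowed = map[string]bool{"FROM": true, "COPY": true, "RUN": true, "CMD": true}

// ParseKubefile splits a Kubefile into instructions. It rejects unknown
// instructions, missing arguments, and files that do not start with FROM.
func ParseKubefile(src string) ([]Instruction, error) {
	var out []Instruction
	for i, raw := range strings.Split(src, "\n") {
		parts := strings.Fields(raw)
		if len(parts) == 0 || strings.HasPrefix(parts[0], "#") {
			continue // blank line or comment
		}
		op := strings.ToUpper(parts[0])
		switch {
		case !allowed[op]:
			return nil, fmt.Errorf("line %d: unknown instruction %q", i+1, parts[0])
		case len(parts) == 1:
			return nil, fmt.Errorf("line %d: %s needs arguments", i+1, op)
		case len(out) == 0 && op != "FROM":
			return nil, fmt.Errorf("line %d: first instruction must be FROM", i+1)
		}
		out = append(out, Instruction{op, strings.Join(parts[1:], " ")})
	}
	if len(out) == 0 {
		return nil, fmt.Errorf("empty Kubefile")
	}
	return out, nil
}

// Constructed sample: a base cluster image plus one manifest applied at start-up.
const sample = `# dashboard on top of a base cluster image
FROM kubernetes:v1.19.8
COPY recommended.yaml .
CMD kubectl apply -f recommended.yaml
`

func main() {
	ins, err := ParseKubefile(sample)
	fmt.Println(ins, err)
}
```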
Module Overview
The project consists of many modules, each serving a specific purpose:
applications: Contains various Kubefiles (e.g., Calico, Helm files).
apply: Runs a cluster.
build: Creates a CloudImage.
check: Performs a pre-check before installing a cluster image and a post-check to verify pods and services.
client: Interacts with the Kubernetes API (e.g., fetching node information).
cloud: Provides a UI-like interface to execute Sealer without shell scripts.
command: Proxy for commands not natively available on the system (e.g., ipvs controls).
common: Holds generic constants and utilities.
config: Manages configuration parameters such as Helm credentials.
docs: Documentation resources.
filesystem: Handles mounting images, file cleanup, and distribution.
guest: Processes higher-level instructions.
hack: Contains various scripts.
image: Manages local storage of images and interaction with Docker Hub.
infra: Integrates with public clouds (e.g., launching VMs on Alibaba Cloud).
ipvs: Configures IPVS rules.
logger: Configures logging.
parser: Parses Kubefiles.
runtime: Manages the lifecycle of the Kubernetes cluster.
sealer: Main binary entry point (the standard Cobra project).
seautil: Binary that proxies commands to execute on remote machines.
test: Integration (e2e) tests.
type: Defines data structures.
utils: General utilities such as SSH and overlay2 handling.
vendor: Maintains third-party dependencies via Go modules.
Architecture Diagram
Implementation Layer
This layer builds on reusable libraries from the generic capability layer and does not concern itself with the source of images or the specific functions of each module.
Generic Capability Layer
Provides core capabilities for handling cluster images, such as parsing Kubefile and defining the Clusterfile structure.
Standard Definition Layer
Defines the standards that the implementation layer must strictly follow, e.g., the syntax of Kubefile and the required fields in Clusterfile, as well as the standards for the rootfs of cloud images.
Conclusion
After understanding Sealer’s core concepts, modules, and architecture, you should have a clear picture of how it works.
Reference: Sealer official documentation – https://github.com/alibaba/sealer
ZCY Technology (政采云技术)
ZCY Technology Team (Zero), based in Hangzhou, is a growth-oriented team passionate about technology and craftsmanship. With around 500 members, we are building comprehensive engineering, project management, and talent development systems. We are committed to innovation and creating a cloud service ecosystem for government and enterprise procurement. We look forward to your joining us.